<?php
/* -------------------------------------------------------------------------------------
* 	ID:						$Id: login.php 299 2013-09-23 10:45:35Z phone.mueller@googlemail.com $
* 	Letzter Stand:			$Revision: 299 $
* 	zuletzt geaendert von:	$Author: siekiera $
* 	Datum:					$Date: 2013-09-23 10:45:35 +0000 (Mon, 23 Sep 2013) $
*
* 	SEO:mercari by Siekiera Media
* 	http://www.seo-mercari.de
*
* 	Copyright (c) since 2011 SEO:mercari
* --------------------------------------------------------------------------------------
* 	based on:
* 	(c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
* 	(c) 2002-2003 osCommerce - www.oscommerce.com
* 	(c) 2003     nextcommerce - www.nextcommerce.org
* 	(c) 2005     xt:Commerce - www.xt-commerce.com
*
* 	Released under the GNU General Public License
* ----------------------------------------------------------------------------------- */

include('includes/application_top.php');

if(isset($_SESSION['customer_id']) && ($_SESSION['cart']->count_contents() > 0))
	redirect(href_link(FILENAME_SHOPPING_CART, '', 'SSL'));
elseif(isset($_SESSION['customer_id']))
	redirect(href_link(FILENAME_ACCOUNT, '', 'SSL'));

$smarty = new Smarty();
$return = '';

require(DIR_FS_CATALOG.'templates/'.CURRENT_TEMPLATE.'/source/boxes.php');

require_once(DIR_FS_INC.'inc.validate_password.php');
require_once(DIR_FS_INC.'inc.array_to_string.php');

if($session_started == false)
	redirect(href_link(FILENAME_COOKIE_USAGE));

$smarty->assign('BUTTON_LOGIN', image_submit('button_login.gif', IMAGE_BUTTON_LOGIN));

if(isset($_GET['action']) && ($_GET['action'] == 'process')) {
	$email_address = $_POST['email_address'];
	$password = $_POST['password'];

    $check_customer = $db->db_query("SELECT
										customers_id,
										customers_cid,
										customers_vat_id,
										customers_status,
										customers_firstname,
										customers_lastname,
										customers_gender,
										customers_password,
										customers_email_address,
										customers_default_address_id,
										login_tries,
										login_time
									FROM
										".TABLE_CUSTOMERS."
									WHERE
										(customers_email_address = ".$db->db_prepare($email_address)."
										OR
										customers_cid = ".$db->db_prepare($email_address).")
									AND
										account_type = '0'");
    if(!$check_customer->_numOfRows) {
	    $_GET['login'] = 'fail';
	    $info_message = TEXT_NO_EMAIL_ADDRESS_FOUND;

    } else {
        $login_success = true;
		$blocktime = LOGIN_TIME;
		$time = time();
		$logintime = strtotime($check_customer->fields['login_time']);
		$difference = $time - $logintime;
		$login_tries = $check_customer->fields['login_tries'];
		
		if(($_POST['security_code'] != $_SESSION['security_code_login']) || (!empty($_SESSION['security_code_login']) && empty($_POST['security_code']))) {
			$info_message = TEXT_WRONG_CODE;
			$db->db_query("UPDATE ".TABLE_CUSTOMERS." SET login_tries = login_tries+1, login_time = now() WHERE customers_email_address = ".$db->db_prepare($email_address));
			$login_success = false;

		} elseif (!validate_password($password, $check_customer->fields['customers_password'])) {
			$_GET['login'] = 'fail';
			$info_message = TEXT_LOGIN_ERROR;
			$db->db_query("UPDATE ".TABLE_CUSTOMERS." SET login_tries = login_tries+1, login_time = now() WHERE customers_email_address = ". $db->db_prepare($email_address));
			$login_success = false;
		}

       	if(($login_tries >= LOGIN_NUM && $difference < $blocktime) || ($_POST['security_code'] != $_SESSION['security_code_login'])) {
       		$captcha_site = '_login';
       		include('captcha.php');
			$smarty->assign('VVIMG', '<img width="200" height="70" src="captcha.php?show=true&name=login" alt="Captcha" id="captcha_image" /> ');
			$smarty->assign('INPUT_CAPTCHA', draw_input_field('security_code', '', 'size="6" maxlength="6" style="width:25px; text-align:center" id="security_code"', 'text', false));
			$smarty->assign('BUTTON_LOGIN', image_submit('button_login.gif', IMAGE_BUTTON_LOGIN, 'id="login_button"'));
       	}
		
		if($login_success) {
			$db->db_query("UPDATE 
								".TABLE_CUSTOMERS." 
							SET 
								login_tries = 0, 
								login_time = NOW() 
							WHERE 
								customers_email_address = ".$db->db_prepare($email_address));

			$check_country = $db->db_query("SELECT
												entry_country_id,
												entry_zone_id
											FROM
												".TABLE_ADDRESS_BOOK."
											WHERE
												customers_id = ".(int)$check_customer->fields['customers_id']."
											AND
												address_book_id = ".(int)$check_customer->fields['customers_default_address_id']);

			$_SESSION['customer_gender'] = $check_customer->fields['customers_gender'];
			$_SESSION['customer_first_name'] = $check_customer->fields['customers_firstname'];
			$_SESSION['customer_last_name'] = $check_customer->fields['customers_lastname'];
			$_SESSION['customer_id'] = $check_customer->fields['customers_id'];
			$_SESSION['customer_cid'] = $check_customer->fields['customers_cid'];
			$_SESSION['customer_vat_id'] = $check_customer->fields['customers_vat_id'];
			$_SESSION['customer_default_address_id'] = $check_customer->fields['customers_default_address_id'];
			$_SESSION['customer_country_id'] = $check_country->fields['entry_country_id'];
			$_SESSION['customer_zone_id'] = $check_country->fields['entry_zone_id'];

			$db->db_query("UPDATE 
								".TABLE_CUSTOMERS_INFO." 
							SET 
								customers_info_date_of_last_logon = NOW(), 
								customers_info_number_of_logons = customers_info_number_of_logons+1 
							WHERE 
								customers_info_id = ".(int)$_SESSION['customer_id']);

			require_once(DIR_FS_INC.'inc.write_user_info.php');
			write_user_info((int)$_SESSION['customer_id']);

			$_SESSION['cart']->restore_contents();
			$_SESSION['wish_list']->restore_contents();

			unset($_SESSION['security_code_login']);
			unset($_SESSION['captcha']);
			
			if(isset($_POST['r']) && !empty($_POST['r']))
				redirect($_POST['r']);		
			if($_SESSION['customer_id'] == '1' && AFTER_LOGIN == 'true')
				redirect(href_link('admin/start.php', '', 'SSL'));
			if(preg_match("/shopping_cart/i", $_SERVER['HTTP_REFERER']))
				redirect(FILENAME_SHOPPING_CART);
			else
				redirect($_SERVER['HTTP_REFERER']);
		}
	}	
}

if(!isset($_GET['action'])) {
	require(DIR_WS_CLASSES.'class.input_fields.php');
	$field = new input_fields('create_account');
	
	if(isset($_GET['r']) && !empty($_GET['r']))
		$return = draw_hidden_field('r', $_GET['r']);
	elseif(isset($_POST['r']) && !empty($_POST['r']))
		$return = draw_hidden_field('r', $_POST['r']);

	$gender_male = $field->getField('gender', 'm');
	$gender_female = $field->getField('gender', 'f');
	$title = $field->getField('title', '', 'size="6"');
	$firstname = $field->getField('firstname');
	$lastname = $field->getField('lastname');
	$dob = $field->getField('dob');
	$email = $field->getField('email');
	$email_confirmation = $field->getField('email_confirmation');
	$company = $field->getField('company');
	$vat = $field->getField('vat');
	$street_address = $field->getField('street_address', '', 'size="21" class="create_account_street"');
	$street_address_num = $field->getField('street_address_num', '', 'size="3" class="create_account_street_num"');
	$suburb = $field->getField('suburb');
	$postcode = $field->getField('postcode', '', 'size="5"  class="create_account_postcode"');
	$city = $field->getField('city', '', 'size="19" class="create_account_city"');
	$zone_id = $field->getField('state', '', 'class="create_account_state"');
	$country = $field->getField('country', '', 'class="create_account_state" id="country"');
	$telephone = $field->getField('telephone');
	$fax = $field->getField('fax');
	$newsletter = $field->getField('newsletter', '1');
	$password = $field->getField('password');
	$confirmation = $field->getField('confirmation');
  $datensg =$field->getField('datensg');
	
	$smarty->assign('FORM_ACTION_CREATE', draw_form('create_account', href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL')).draw_hidden_field('action', 'process').$return);
	$smarty->assign('INPUT_TITLE', $title);
	$smarty->assign('INPUT_MALE', $gender_male);
	$smarty->assign('INPUT_FEMALE', $gender_female);
	$smarty->assign('INPUT_FIRSTNAME', $firstname);
	$smarty->assign('INPUT_LASTNAME', $lastname);
	$smarty->assign('INPUT_DOB', $dob);
	$smarty->assign('INPUT_EMAIL', $email);
	$smarty->assign('INPUT_EMAIL_CONFIRMATION', $email_confirmation);
	$smarty->assign('INPUT_COMPANY', $company);
	$smarty->assign('INPUT_VAT', $vat);
	$smarty->assign('INPUT_STREET', $street_address);
	$smarty->assign('INPUT_STREET_NUM', $street_address_num);
	$smarty->assign('INPUT_SUBURB', $suburb);
	$smarty->assign('INPUT_CODE', $postcode);
	$smarty->assign('INPUT_CITY', $city);
	$smarty->assign('INPUT_STATE', $zone_id);
	$smarty->assign('INPUT_COUNTRY', $country);
	$smarty->assign('INPUT_TEL', $telephone);
	$smarty->assign('INPUT_FAX', $fax);
	$smarty->assign('INPUT_PASSWORD', $password);
	$smarty->assign('INPUT_CONFIRMATION', $confirmation);
	$smarty->assign('SELECT_COUNTRY', $state);
	$smarty->assign('INPUT_NEWSLETTER', $newsletter);
		
	$smarty->assign('BUTTON_SUBMIT', image_submit('button_send.gif', IMAGE_BUTTON_SEND));
	
	$shop_content_data = $db->db_query("SELECT content_title,content_heading,content_text,content_file FROM ".TABLE_CONTENT_MANAGER." WHERE content_group='2' AND languages_id='".$_SESSION['languages_id']."'");
  $dsg_error = (strpos($datensg, 'error_border') !== false);
	
	if ($shop_content_data->fields['content_file'] != '') {
		if($shop_content_data->fields['content_file'] == 'janolaw_datenschutz.php') {
			include(DIR_FS_INC.'inc.janolaw.php');
			$datensg = JanolawContent('datenschutzerklaerung', 'txt');
		} else
			//$datensg = '<iframe src="'.DIR_WS_CATALOG.'media/content/'.$shop_content_data->fields['content_file'].'" width="100%" height="300"></iframe>';
      ob_start();
      include (DIR_FS_CATALOG.'media/content/'.$shop_content_data->fields['content_file']);
      $content_body = utf8_encode(ob_get_contents());
  		ob_end_clean();
  		$datensg = '<div class="'.($dsg_error?'error_border ':'').'div_textarea">'.$content_body.'</div>';
	} else
		$datensg = '<textarea name="blabla" cols="60" rows="10" readonly="readonly">'.strip_tags(str_replace('<br />', "\n", $shop_content_data->fields['content_text'])).'</textarea>';
	
	$smarty->assign('DSG', $datensg);
	if(SITE_OVERLAYS == 'true') {
		$smarty->assign('BUTTON_PRINT', '<a class="shipping" title="" href="'.href_link(FILENAME_PRINT_CONTENT, 'coID=2&iframe=true').'">'.PRINT_CONTENT.'</a>');
		$smarty->assign('TITLE_DSG', sprintf(INFO_DSG_OVERLAY, href_link(FILENAME_POPUP_CONTENT, 'coID=2&iframe=true')));

	} else {
		$smarty->assign('BUTTON_PRINT', '<a onclick="javascript:window.open(\''.href_link(FILENAME_PRINT_CONTENT, 'coID=2').'\', \'popup\', \'toolbar=0, width=640, height=600\')">'.PRINT_CONTENT.'</a>');
		$smarty->assign('TITLE_DSG', sprintf(INFO_DSG_OVERLAY, href_link(FILENAME_POPUP_CONTENT, 'coID=2&iframe=true')));
	}
	$smarty->assign('DATENSG_CHECKBOX', '<input type="checkbox" value="datensg" name="datensg" />');
}

$breadcrumb->add(NAVBAR_TITLE_LOGIN, href_link(FILENAME_LOGIN, '', 'SSL'));
require(DIR_WS_INCLUDES.'xajax/xajax_core/xajax.inc.php');
include(DIR_WS_INCLUDES.'xajax/xajax.login.php');
require(DIR_WS_INCLUDES.'header.php');

$smarty->assign('info_message', $info_message);
$smarty->assign('account_option', ACCOUNT_OPTIONS);
$smarty->assign('BUTTON_NEW_ACCOUNT', '<a href="'.href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL').'">'.image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE).'</a>');
$smarty->assign('BUTTON_GUEST', '<a href="'.href_link(FILENAME_CREATE_GUEST_ACCOUNT, '', 'SSL').'">'.image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE).'</a>');
$smarty->assign('FORM_ACTION', draw_form('login', href_link(FILENAME_LOGIN, 'action=process', 'SSL')).$return);
$smarty->assign('INPUT_LOGIN_MAIL', draw_input_field('email_address'));
$smarty->assign('INPUT_LOGIN_PASSWORD', draw_password_field('password'));
$smarty->assign('LINK_LOST_PASSWORD', href_link(FILENAME_PASSWORD_DOUBLE_OPT, '', 'SSL'));
$smarty->assign('FORM_END', '</form>');

$smarty->assign('language', $_SESSION['language']);
$smarty->caching = false;

$main_content = $smarty->fetch(CURRENT_TEMPLATE.'/module/login.html');
$smarty->assign('main_content', $main_content);
$smarty->assign('language', $_SESSION['language']);
$smarty->caching = false;
if(!defined('RM'))
	$smarty->loadFilter('output', 'note');
$smarty->loadFilter('output','trimwhitespace');
$smarty->display(CURRENT_TEMPLATE.'/index.html');
include('includes/application_bottom.php');
